1.1 (L1) Host hardware must have auditable, authentic, and up to date system and device firmware

Information

Hardware firmware is not immune to serious issues affecting confidentiality, integrity, or availability. Vulnerable system management controllers and management engines can provide places for attackers to establish persistence, in order to re-infect and re-compromise hosts after reboots and updates.

Ensure that the latest firmware updates are applied to all components of your systems and that the firmware is authentic and supplied by your hardware manufacturer.

To ensure the integrity, security, and optimal performance of server hardware, it is essential to maintain system and device firmware that is verifiable, genuine, and current.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Impact:

If you are a vSAN customer please ensure that storage device and controller firmware versions are certified.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-22, CSCv7|2.2, CSCv7|18.4

Plugin: VMware

Control ID: 648a9d6af9beb80ee742981f3c1ddaef2d9d9490e265a2bf3f1c6f5994716d11